Computing systems can include multiple computing devices such as servers, desktop PCs, laptops, and workstations, and peripheral devices, (e.g., printers, facsimile devices, and scanners). In some systems, these network devices can be networked together across a local area network (LAN), wireless LAN, and/or wide area network (WAN) via routers, hubs, switches, and the like to form a computing device network. A LAN and/or WAN uses clients and servers that have network-enabled operating systems such as Windows, Mac, Linux, and Unix.
Computing device network environments can include various network services such as dynamic host configuration protocol (DHCP) services, domain name system (DNS) services, authentication services, email services, and/or directory services, among various other network services.
Network administrators (NAs) and security analysts continually face the challenge of locating unauthorized, e.g., rogue, services that can be used by unauthorized users, e.g., hackers, to compromise network security. Rogue services can interfere with an authorized version of the service and can be used to maliciously disrupt network and/or other information technology operations.
In some situations, a NA may not become aware of a rogue network service until the network begins exhibiting problems or disruptions due to the rogue service. Therefore, it can be beneficial to monitor network services in order to detect and/or suppress rogue network services as soon as possible to reduce and/or prevent such services from causing problems or disruptions to the network.